On October 2nd, an updated version of a highly vicious strain of ransomware was released. This updated version, GandCrab v5, has caught the attention of many researchers and experts, and rightfully so.

This particular strain of ransomware has been deemed the most prolific ransomware of 2018. The first GandCrab attack was in late January of this year. Experts knew immediately that this ransomware was no joke and was very dangerous. Within one month of GandCrab’s first appearance, the ransomware had already infected more than 50,000 victims. With this intense success, authorities directed their attention to GandCrab.

But with every solution authorities came up with, it was not long before the masterminds of GandCrab were up to something new. Since January, there have been continual updates to the ransomware, each time making the attack force a little bit stronger and a little bit more dangerous. One article accurately sums up the constant advancements of GandCrab by writing, “GandCrab has managed to stay one step ahead of many traditional security solutions and gain widespread popularity amongst criminals who rent it out for use in their own campaigns.”

Each improvement these criminals have developed has led us here today, facing GandCrab version 5.0.4.

So what is different with GandCrab v5? One of the noted updates in this version “included appending a random 5-character extension to encrypted files and changes to the ransom note.” Why is this important? This code has also been noted to be tied to a vulnerability in Windows Task Scheduler that was disclosed back in August. This means that GandCrab could have the capability to gain a great deal of access to any infected device that is affected by the Windows Task Scheduler ALPC zero-day vulnerability (CVE-2018-8440).

There are several ways GandCrab is believed to be infecting devices, such as malvertising or spam emails with infectious attachments.

Although this ransomware is extremely intense and dangerous, there are also ways to protect yourself from it. One way is through blocking GandCrab with tools such as Barkly. At The IT Company we believe that your security is highly important. With the recent release of GandCrab v5, it is important to research and find the best fit for your company. Cyber criminals are going to keep finding new ways to attack; that is not going to change. What can change, however, is what you have in place to protect yourself against these attacks.